Primary Purpose

Ahold Delhaize Group's Threat Defense Operations (TDO) team is seeking an experienced cybersecurity professional to lead the development and optimization of detection and response capabilities. TDO is responsible for designing, implementing, and maintaining detection logic across Security Information and Event Management (SIEM) and Endpoint Detection and Response (EDR) platforms within a global environment. This role plays a critical part in improving the organization's ability to detect, analyze, and respond to advanced cyber threats by integrating threat intelligence, automation, and engineering best practices. The position also contributes to advancing detection maturity and mentoring team members.
Duties & Responsibilities

- Collaborate with Cyber Threat Intelligence (CTI), Advanced Cyber Engineering (ACE), and Incident Response (IR) teams to operationalize threat intelligence into high-fidelity detection use cases
- Lead the creation and implementation of automation solutions to enhance detection, response, and operational efficiency (e.g., detection-as-code, SOAR workflows)
- Perform advanced testing and validation of detection controls to ensure effectiveness against real-world adversary tactics and techniques
- Continuously tune and optimize detection rules and analytics to improve signal quality and reduce alert fatigue
- Maintain and enhance SIEM data pipelines, including parsing, enrichment, and normalization of log sources
- Monitor emerging threat actor tactics, techniques, and procedures (TTPs) and align detection strategies with frameworks such as MITRE ATT&CK
- Provide audit and compliance support by producing evidence and ensuring detection processes meet regulatory and internal standards
- Develop and maintain comprehensive documentation, including detection logic, runbooks, and operational procedures
- Provide technical guidance and mentorship to junior and mid-level analysts, contributing to team development and knowledge sharing
- Participate in incident investigations and provide subject matter expertise in threat detection and analysis
Qualifications

- 3-5 years of experience in cybersecurity, with a focus on threat detection, SOC operations, or incident response
- Bachelor's degree in Cybersecurity, Information Technology, Computer Science, or equivalent practical experience
- Strong experience developing and tuning detection logic within SIEM and/or EDR platforms
- Advanced proficiency in Kusto Query Language (KQL) or similar query languages (e.g., SPL, SQL)
- Experience with Infrastructure-as-Code (IaC) and DevOps practices (e.g., Terraform, Git-based workflows)
- Strong understanding of attacker tactics, techniques, and procedures (TTPs) and experience leveraging frameworks such as MITRE ATT&CK
- Experience building or supporting automation within security operations (e.g., scripting, SOAR, or workflow automation)
- Strong analytical, problem-solving, and troubleshooting skills
- Excellent written and verbal communication skills
Preferred Qualifications

- Relevant advanced cybersecurity certifications (e.g., GIAC, CISSP, GCIA, GCIH, or similar)
- Experience with detection engineering practices (e.g., detection-as-code, CI/CD pipelines for security content)
- Experience in cloud security environments (e.g., AWS, Azure, GCP) and cloud-native detection strategies
- Experience performing threat hunting and advanced incident investigations
- Experience working in large-scale or global enterprise environments